That is correct. OSA does not detect exploiting methods, so it cannot be anti-exploit software. But still, it is software with several anti-malware and anti-exploit prevention abilities...
To me, delivery is not exploitation; exploitation is the act of abusing a vulnerability. Eternal Blue is a kernel exploit; it abuses a vulnerability.
Default-deny tools (anti-exe, etc...) don't prevent exploitation of vulnerabilities.
The only thing they can do is prevent (as you said) either the delivery of the exploit or the post-exploitation part of the attack chain (like abusing rundll32.exe, etc.).
Anti-exploit software is HMPA, MBAE, Windows 10 Exploit Protection and some components in suites, which can prevent exploitation of vulnerabilities, which occurs most of the time via memory attacks.
There is no such thing as "basic anti-exploit", this is just marketing shenanigans made by some vendors to make their solutions more appealing. And many fall for it and parrot it across boards, so unaware people believe that your so-called basic anti-exploit (aka Default-Deny) will protect them from in-memory REAL exploits/attacks.
"This test allocates a piece of non-executable memory on the heap and copies shellcode to start calc.exe
Almost certainly.
But the important thing is that it has stopped the DEP Exploit Test which is not blocked by MBAE.
This is interesting to me.
You found the right sentencing
HitmanPro will detect and block the exploiting method - this is what anti-exploit should do.
OSA will block the payload execution, as post-exploitation (post-infection) prevention.
Hello guys, hope all of you are fine during this particular situation.
Just wanted to let you know about some updates:
We've been working the past 8+ months on cloud-based services, such as APIVoid - a service that offers JSON APIs for threat analysis and detection, more information here:
Threat Analysis APIs for Threat Detection & Prevention | APIVoid
We're now back on track but to keep up with software development (time, code sign, certificates, servers, testings, fixes, updates, etc) we'll change a few things, one of which is that OSArmor and other software will become subscription-based.
The new version of OSArmor will be available soon for subscribed users.
We've mostly finished working on the auto-update of OSArmor so it will safely update to new versions automatically without user intervention. Plus we've added options to update CustomBlock.db and Exclusions.db rules from a remote URL, which should be useful to companies.
I'll have some updates on this soon (no parallel projects now so we're working on these changes full time).
We have other good news, but let's first complete this "phase 1".
Will keep you updated here regularly.
Honestly it is a quality piece of software and I don't mind paying him for his work if the price is reasonable.
I have Edge now so no need to block it anyway for me. I just wanted to let people know that the New Edge is not getting blocked without a custom rule,...
www.wilderssecurity.com
A copy-paste of Andreas' post at Wilders.
Sad to see that OSArmor and other software will be subscription-based from now on.
Everyone, including all of us, has lives, sometimes a family, to take care of; it isn't really all that weird for developers to go quiet for a while.
I wouldn't like to pay for this kind of development, how long time all about OSArmor was quiet and now after almost two years he decides to inform users what is going on from now, that isn't very user friendly, at least from my point of view...
Not to mention it was freeware. So in terms of development time anything that generates revenue takes priority.
I agree with @silversurfer on this. Developers can also talk like everyone else and give information. Saying nada/nothing for that extremely long time period doesn't really create the key factor, trust. Personally I would and will avoid this tool.